/** * @file tees_secure_object.h * @brief GP-like secure objects defition * @author Iaroslav Makarchuk (i.makarchuk@samsung.com) * @date Created Oct 3, 2016 * @par In Samsung Ukraine R&D Center (SURC) under a contract between * @par LLC "Samsung Electronics Ukraine Company" (Kiev, Ukraine) and * @par "Samsung Elecrtronics Co", Ltd (Seoul, Republic of Korea) * @par Copyright: (c) Samsung Electronics Co, Ltd 2015. All rights reserved. * * This software is proprietary of Samsung Electronics. * No part of this software, either material or conceptual may be copied * or distributed, transmitted, transcribed, stored in a retrieval system * or translated into any human or computer language in any form by any means, * electronic, mechanical, manual or otherwise, or disclosed to third parties * without the express written permission of Samsung Electronics. * * The file was taken from tzsl repo and modified for Multibuild project's * needs. */ #ifndef _TEES_SECURE_OBJECT_H #define _TEES_SECURE_OBJECT_H #include #ifdef __cplusplus extern "C" { #endif #define AUTHORITY_NAME_LEN 16 #define AUTHORITY_STR_LEN (AUTHORITY_NAME_LEN + 1) /* * Structures and macro for Secure Object KDF function */ typedef struct { char uuid[16]; } UUID; typedef struct { char id[AUTHORITY_NAME_LEN]; } AUTHORITY; typedef struct { uint32_t access_flags; UUID ta_id; AUTHORITY auth_id; } SO_AccessControlInfoType; /* Set if SO have to be valid only for this TA */ #define TA_ID_AC 0x1 /* Set if SO have to be valid only for this TA Authority */ #define AUTH_ID_AC 0x2 /* Set if SO have to be valid only for a specific TA (the ta_id field) */ #define DELEGATED_TA_ID_AC 0x4 /* Set if SO have to be valid only for a specific TA Authority (the auth_id field) */ #define DELEGATED_AUTH_ID_AC 0x8 /** * @brief Encrypt and sign input data. * * Function will be used to create an encrypted or wrapped secure object * from an unprotected data. * * @param[in] in Pointer to input buffer. * @param[in] in_len Input buffer length. * @param[out] out Pointer to outdata. Can be set to NULL in combination * with *out_len = 0 for getting required output buffer size. * @param[in,out] out_len Maximum/actual size of out buffer. * @param[in] ac Pointer to Access Control struct SO_AccessControlInfoType. * This is a structure containing access control information. * Can be NULL if no specific access control required. * * @retval TEE_SUCCESS data was successfully wrapped, error otherwise. * * @details Example: * @code{.c} * TEES_WrapSecureObject((const unsigned char *)key1_str, * DATA256K, * wrapout, * &wrapout_len, * &ac_info); * @endcode */ TEE_Result TEES_WrapSecureObject( const unsigned char *in, uint32_t in_len, unsigned char *out, uint32_t *out_len, SO_AccessControlInfoType *ac); /** * @brief Decrypt and verify wrapped data. * * Function will take a buffer containing wrapped SO and decrypt it to a * format understandable by the caller. * * @param[in] in Pointer to input buffer. * @param[in] in_len Length of input buffer. * @param[out] out Pointer to outdata. Can be set to NULL in combination * with *out_len = 0 for getting required output buffer size. * @param[in,out] out_len Maximum/actual size of out buffer. * * @retval TEE_SUCCESS data was successfully unwrapped, error otherwise. * * @details Example: * @code{.c} * TEES_UnwrapSecureObject((const unsigned char *)key1_str, * DATA256K, * wrapout, * &wrapout_len); * @endcode */ TEE_Result TEES_UnwrapSecureObject( const unsigned char *in, uint32_t in_len, unsigned char *out, uint32_t *out_len); #ifdef __cplusplus } #endif #endif //_TEES_SECURE_OBJECT_H